diablo45, posted 5 August 2008

ComboFix 08-08-04.06 - Tomek i Agata 2008-08-05 17:20:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1630 [GMT 2:00]
Running from: C:\Documents and Settings\Tomek i Agata\Pulpit\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b]
.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.
2008-08-04 22:42 . 2008-08-04 22:40 338,560 --a------ C:\WINDOWS\hpdj5100.hi2
2008-08-04 22:42 . 2008-08-04 22:40 6,469 --a------ C:\WINDOWS\hpdj5100.bu2
2008-08-04 22:40 . 2008-08-04 22:41 54,076 --a------ C:\WINDOWS\hpdj5100.hi1
2008-08-04 22:40 . 2008-08-04 22:41 4,609 --a------ C:\WINDOWS\hpdj5100.bu1
2008-08-04 21:18 . 2008-08-05 00:33 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-04 21:17 . 2008-08-04 22:43 54,076 --a------ C:\WINDOWS\hpdj5100.his
2008-08-04 21:17 . 2008-08-04 22:43 4,609 --a------ C:\WINDOWS\hpdj5100.ini
2008-08-04 21:06 . 2008-08-04 21:06 60 --a------ C:\WINDOWS\wininit.ini
2008-08-04 21:03 . 2008-08-04 21:03 <DIR> d-------- C:\Program Files\English Translator 3
2008-08-04 20:46 . 2008-08-04 20:46 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-04 20:32 . 2008-08-04 20:32 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-04 20:31 . 2008-08-04 20:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-04 20:17 . 2008-08-04 20:17 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-08-04 20:16 . 2008-08-04 20:16 <DIR> d-------- C:\Documents and Settings\Tomek i Agata\Dane aplikacji\Ahead
2008-08-04 20:12 . 2008-08-04 20:12 <DIR> d-------- C:\Program Files\Nero
2008-08-04 20:12 . 2008-08-04 20:16 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-08-04 20:12 . 2008-08-04 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-08-04 20:06 . 2008-08-04 20:06 <DIR> d-------- C:\Program Files\PWN
2008-08-04 20:01 . 2008-08-04 20:01 <DIR> d-------- C:\Program Files\TEXTware
2008-08-04 20:01 . 2008-08-04 20:01 <DIR> d-------- C:\Program Files\Cambridge
2008-08-04 20:01 . 2000-12-07 15:26 284,672 --a------ C:\WINDOWS\system32\MPGPlay.dll
2008-08-04 19:50 . 2008-08-04 19:50 427 --a------ C:\WINDOWS\ODBC.INI
2008-08-04 19:47 . 2008-08-04 19:49 <DIR> d-------- C:\WINDOWS\ShellNew
2008-08-03 19:43 . 2008-08-03 19:43 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-08-03 18:39 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-03 18:38 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-08-03 18:38 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-08-02 22:09 . 2008-08-02 22:09 <DIR> d-------- C:\Program Files\Xvid
2008-08-02 22:04 . 2008-08-02 22:04 <DIR> d-------- C:\Program Files\MarBit
2008-08-02 22:00 . 2008-08-02 22:00 92 --a------ C:\WINDOWS\VplayerINI.vpl
2008-08-02 21:59 . 2008-08-02 21:59 <DIR> d-------- C:\Program Files\Real
2008-08-02 21:59 . 2008-08-02 21:59 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-02 21:59 . 2008-08-02 21:59 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-02 21:59 . 2008-08-02 21:59 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-02 21:59 . 2008-08-02 21:59 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-02 21:59 . 2008-08-02 22:00 976 --a------ C:\WINDOWS\VPlayer.INI
2008-08-02 21:52 . 2008-08-02 21:52 <DIR> d-------- C:\Documents and Settings\Tomek i Agata\Dane aplikacji\BESTplayer
2008-08-02 18:28 . 1998-10-29 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-02 18:28 . 2007-10-11 11:10 30,008 --a------ C:\WINDOWS\system32\drivers\ET5Drv.sys
2008-08-02 18:28 . 2008-08-05 16:26 24,944 --a------ C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-08-02 08:56 . 2008-08-02 08:56 <DIR> d-------- C:\Program Files\Activision
2008-08-02 08:33 . 2008-08-02 15:35 <DIR> d-------- C:\Program Files\ATITool
2008-08-01 06:53 . 2008-08-01 06:54 <DIR> d-------- C:\WINDOWS\NV28882892.TMP
2008-08-01 06:52 . 2008-08-01 06:52 <DIR> d-------- C:\NVIDIA
2008-07-31 21:15 . 2008-07-31 21:15 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-31 21:15 . 2008-07-31 21:15 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-31 21:15 . 2008-07-31 21:15 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-31 21:15 . 2008-07-31 21:15 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-31 21:15 . 2008-07-31 21:15 22,328 --a------ C:\Documents and Settings\Tomek i Agata\Dane aplikacji\PnkBstrK.sys
2008-07-31 21:14 . 2008-08-02 09:04 319 --a------ C:\WINDOWS\game.ini
2008-07-31 13:56 . 2008-07-31 13:56 <DIR> d-------- C:\Documents and Settings\Tomek i Agata\Dane aplikacji\InstallShield
2008-07-31 13:53 . 2008-07-31 13:53 <DIR> d-------- C:\Program Files\ASUS
2008-07-31 12:52 . 2008-07-31 12:52 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-07-31 12:52 . 2008-07-31 12:52 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-07-31 12:52 . 2008-07-31 12:52 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-07-31 12:51 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-07-31 12:51 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-07-31 12:51 . 2001-08-17 22:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-07-31 12:51 . 2001-08-17 22:00 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2008-07-31 12:51 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-07-31 12:51 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-07-31 12:51 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-07-31 12:51 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-07-31 00:27 . 2008-07-31 00:27 <DIR> d-------- C:\Program Files\Realtek AC97
2008-07-31 00:21 . 2008-07-31 00:24 <DIR> d-------- C:\Program Files\Winamp
2008-07-31 00:21 . 2008-07-31 00:24 <DIR> d-------- C:\Documents and Settings\Tomek i Agata\Dane aplikacji\Winamp
2008-07-31 00:09 . 2008-07-31 12:51 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-07-30 22:15 . 2004-08-04 00:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-07-30 22:15 . 2004-08-04 00:44 77,312 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2008-07-30 22:15 . 2004-08-04 00:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-07-30 22:15 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-30 22:15 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-07-30 22:14 . 2008-07-30 22:14 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-07-30 22:14 . 2008-07-30 22:14 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-07-30 22:14 . 2008-07-30 14:22 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-07-30 22:14 . 2008-07-30 22:14 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-07-30 22:14 . 2008-07-30 22:14 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-07-30 22:14 . 2008-07-30 22:14 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-07-30 22:14 . 2008-07-30 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-07-30 22:14 . 2008-08-03 19:43 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-07-30 22:14 . 2008-08-04 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-07-30 22:14 . 2008-08-04 19:49 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-07-30 22:14 . 2008-07-30 23:56 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-07-30 22:13 . 2008-08-04 22:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-07-30 22:13 . 2008-07-30 22:14 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-07-30 22:13 . 2008-08-04 20:12 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2008-07-30 21:17 . 2008-07-30 21:17 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-07-30 20:33 . 2008-07-30 23:29 <DIR> d-------- C:\WINDOWS\NV1032476.TMP
2008-07-30 20:33 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-07-30 20:25 . 2008-07-30 20:25 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-07-30 20:25 . 2008-07-31 00:09 <DIR> d-------- C:\Program Files\Realtek
2008-07-30 20:25 . 2008-01-03 16:10 105,856 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-07-30 20:14 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-07-30 20:14 . 2008-01-24 16:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-07-30 20:14 . 2008-06-19 16:24 278,528 --a------ C:\WINDOWS\system32\ALSndMgr.cpl
2008-07-30 20:14 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-07-30 20:14 . 2008-06-18 18:01 77,824 --a------ C:\WINDOWS\SoundMan.exe
2008-07-30 20:14 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-07-30 20:13 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-07-30 20:13 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\alcrmv.exe
2008-07-30 18:06 . 2008-07-30 18:06 <DIR> d-------- C:\Documents and Settings\Tomek i Agata\Dane aplikacji\Ubisoft
2008-07-30 18:05 . 2008-07-30 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-07-30 17:56 . 2008-08-02 18:27 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-30 17:29 . 2008-08-02 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-07-30 17:11 . 2008-07-30 17:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-30 17:00 . 2008-07-30 17:00 <DIR> d-------- C:\Program Files\Lavalys
2008-07-30 16:55 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-07-30 16:55 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-07-30 16:55 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-07-30 16:55 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-07-30 16:55 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-07-30 16:55 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-07-30 16:55 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-07-30 16:55 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-07-30 16:55 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-07-30 16:54 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-07-30 16:54 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-07-30 16:05 . 2008-07-30 16:05 <DIR> d-------- C:\Program Files\Nowe Gadu-Gadu
2008-07-30 16:05 . 2008-07-31 22:22 <DIR> d-------- C:\Documents and Settings\Tomek i Agata\Dane aplikacji\Nowe Gadu-Gadu
2008-07-30 15:12 . 2008-07-30 15:12 <DIR> d-------- C:\Program Files\Tlen.pl
2008-07-30 15:12 . 2008-07-30 15:12 <DIR> d-------- C:\Documents and Settings\Tomek i Agata\Dane aplikacji\Tlen.pl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 16:28 --------- d-----w C:\Program Files\GIGABYTE
2008-08-02 16:25 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-07-31 11:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-30 21:59 --------- d-----w C:\Program Files\Intel
2008-07-30 12:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-07-30 12:48 --------- d-----w C:\Program Files\ESET
2008-07-30 12:48 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-07-30 12:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-30 12:22 --------- d-----w C:\Program Files\Usługi online
2008-06-27 09:24 4,742,656 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-06-27 09:23 16,875,008 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-06-19 14:42 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
2008-06-19 14:27 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
2008-06-19 14:20 57,344 ----a-w C:\WINDOWS\Alcmtr.exe
2008-06-10 16:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-05-16 09:48 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:44 1667584]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2008-01-15 17:09 6290944]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"EasyTuneVPro"="C:\Program Files\Gigabyte\ET5Pro\ETcall.exe" [2007-07-26 15:05 20480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-02 21:59 185896]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 11:23 16875008 C:\WINDOWS\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 18:01 77824 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 16:42 2808832 C:\WINDOWS\alcwzrd.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\Tomek i Agata\Menu Start\Programy\Autostart\
GIGABYTE Gamer HUD.lnk - C:\Documents and Settings\Tomek i Agata\Dane aplikacji\Microsoft\Installer\{1A3210EE-7494-4879-9270-A721ED7F9947}\HUD.exe1_1A3210EE749448799270A721ED7F9947.exe [2008-07-30 14:58:08 40960]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BOOKcase 4.0.lnk - C:\Program Files\TEXTware\BOOKcase40\BC40CASE.exe [2008-08-04 20:01:51 426028]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"D:\\GRY\\Assasin's Creed\\AssassinsCreed_Dx9.exe"=
"D:\\GRY\\Assasin's Creed\\AssassinsCreed_Dx10.exe"=
"D:\\GRY\\Assasin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
HKLM-Run-GEST - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tomek i Agata\Dane aplikacji\Mozilla\Firefox\Profiles\qb4ed8hd.default\

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 17:21:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-05 17:21:43
ComboFix-quarantined-files.txt 2008-08-05 15:21:41

Pre-Run: 14,863,945,728 bajtów wolnych
Post-Run: 14,985,924,608 bajtów wolnych

221

snip91, commented 5 August 2008

Clean. At least I don't see anything dangerous here.